actions / attest-sbom
Action for generating SBOM attestations for workflow artifacts
☆25 Updated last week
Alternatives and similar repositories for attest-sbom:
Users that are interested in attest-sbom are comparing it to the libraries listed below
- ☆15 Updated last month
- Generate SBOMs with gh CLI ☆178 Updated 6 months ago
- An Action for printing OIDC claims in GitHub Actions. ☆83 Updated last week
- Run tfsec with reviewdog on pull requests to enforce security best practices ☆74 Updated last week
- GitHub action that turns your reusable workflows and custom actions into easy to read markdown tables. ☆48 Updated this week
- ☆19 Updated 3 years ago
- Need to centrally manage and run Actions workflows across multiple repositories? This app does it for you. ☆133 Updated 10 months ago
- Find license compliance and security issues in your applications with FOSSA and GitHub Actions. ☆51 Updated last month
- Sets up Open Policy Agent CLI in your GitHub Actions workflow. ☆48 Updated 11 months ago
- A GitHub Action used for publishing an Action to ghcr.io as an OCI container. ☆71 Updated 4 months ago
- GitHub Action implementation of SLSA Provenance Generation ☆47 Updated 2 weeks ago
- Action for generating attestations for workflow artifacts ☆44 Updated last week
- A GitHub action for organizations that enables advanced security code scanning on all new repos ☆39 Updated last year
- Proof-of-concept SLSA provenance generator for GitHub Actions ☆99 Updated 2 years ago
- A GitHub Action to suggest removal of non-organization members from CODEOWNERS files ☆127 Updated last week
- Darkfiles finds orphaned files in container images and makes them to bad deeds ☆41 Updated last year
- Example of using Actions OIDC token to proxy into a private network ☆91 Updated last month
- Compare vulnerability scanners results (to make them better!) ☆16 Updated this week
- Runner Container Hooks for GitHub Actions ☆84 Updated 4 months ago
- A GitHub Action to ensure that actions are pinned to full length commit SHAs ☆41 Updated last week
- Run hadolint with reviewdog 🐶 ☆51 Updated this week
- [GitHub] A Command Line ToolKit for GitHub Security Alert. ☆27 Updated 4 months ago
- ☆48 Updated 7 months ago
- A GitHub Action for sigstore-python ☆50 Updated last month
- An SBOM query language and associated utilities ☆54 Updated last year
- 🐚 GitHub Action for running ShellCheck differentially ☆59 Updated 2 weeks ago
- An OIDC client to retrieve a GitHub API scoped token from within an Actions workflow ☆27 Updated 11 months ago
- Experimental: TFLint ruleset plugin for writing custom rules in Rego. ☆67 Updated last week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts ☆33 Updated last month
- Prevent leaks with gitleaks, and use tests to validate ☆32 Updated 3 months ago